Question Harden Windows Security from HotCakeX - what you think, guys?

[badboy]

Recently discovered this wonderful product from a charming girl who is known here as SpyNetGirl.
Yes, I know it is already featured here, but the discussion was too long ago.

I wanted to ask: has anyone tried it and what are its main differences from defender UI (Pro among others)?

I am having a problem with the product. Maybe I'm doing something wrong, but after installation and configuration I don't see the icons in my system. I close PowerShell and lose access to GUI of product. I have to work through PowerShell each time and run the links specified in the project?

 

[Bot]

Yes, many users have tried Harden Windows Security and found it to be effective. The main difference from Defender UI Pro is that it provides more advanced settings for hardening your Windows system.

As for your issue, it sounds like a possible installation error. You shouldn't have to run through PowerShell each time. Try reinstalling the product and make sure to follow the installation instructions carefully. If the problem persists, you may want to reach out to the developer or the community for further assistance.

 

[oldschool]

what are its main differences from defender UI (Pro among others)?

DefenderUI Pro is simply a GUI for configuring MS Defender, with the addition of VoodooShield Lite. It's far more user friendly than @SpyNetGirl's app. Her app is a complete Windows hardening package which includes Windows Application Control. Her app requires user knowledge to lock down the system entirely. It essentially has the ability to apply enterprise-grade security using MS Security Baseline. If you don't understand it you can bork your system. Don't say you haven't been warned.

 

[bazang]

I am having a problem with the product. Maybe I'm doing something wrong, but after installation and configuration I don't see the icons in my system. I close PowerShell and lose access to GUI of product. I have to work through PowerShell each time and run the links specified in the project?

If you follow the instructions then you are doing nothing wrong.

Two causes:
1. Microsoft changed things and it does not work any longer (this is very common with Microsoft) and the project is not being maintained to be up-to-date; and/or
2. There is something about your system that is not compatible or working correctly.

Microsoft native Windows security is a constantly moving target. Every update can cause a breakage or changes.

 

[badboy]

DefenderUI Pro is simply a GUI for configuring MS Defender, with the addition of VoodooShield Lite. It's far more user friendly than @SpyNetGirl's app. Her app is a complete Windows hardening package which includes Windows Application Control. Her app requires user knowledge to lock down the system entirely. It essentially has the ability to apply enterprise-grade security using MS Security Baseline. If you don't understand it you can bork your system. Don't say you haven't been warned.

Thank you. SpyNetGirl really gave us a great enterprise level tool - she deserves a big thanks! I agree that you need to know how to use it.

What is your opinion on products from the respected Andy Ful? How dangerous is it for an inexperienced user to "play" with his programs? Is it possible to reset everything to the default settings afterward?

 

[oldschool]

What is your opinion on products from the respected Andy Ful?

Excellent apps.

How dangerous is it for an inexperienced user to "play" with his programs?

Less complex than SNG's app. Excellent UI.

Is it possible to reset everything to the default settings afterward?

Yes. Users still need to read and follow his Help info on using the app.

 

[Victor M]

That hardening powershell script is still undergoing developement. Last update was 5 days ago. I ran the first Hardening screen checking most boxes. It ran OK. Then I tried the Verify screen and it bombed out. Confirm that no icons were installed in Start menu.

According to the site, the hardening is based off 'MS Security Baseline Windows 11 24H2 download'. Google for it and you will find it. You have to download Both the baseline for your version of Windows and the LGPO.zip . Then extract the LGPO.exe and put it into Baseline > Scripts > Tools folder. Then, go to the Scripts folder, read the script, and find in the beginning comments the correct parameter that you want, probably the nonDomain option. This script is much faster than Spynetgirl's app.

After the script ran sucessfully, you may want to go into gpedit and change the Bitlocker setting for Removable Media, USB. Or else it will encrypt all your USB sticks too. It will make it impossible to share your USB stick with Linux.

You can also use Gpedit's filter to find all the modified settings. Note that the filter only works for the Administrative Templates section.

The Baseline is made for compatibility, not tight security. In particular, I made a few changes to what the baseline did. That includes setting Encryption to use TLS 1.2 and 1.3. (Many web sites now use TLS1.3, like MT. But some sites like Linkedin still use TLS1.2.) And also setting Defender to High+ blocking (the baseline set it to high only)

 

[Shadowra]

I'd already seen his script, which is really good but too violent... I managed to mess up my VM when I wanted to test it (I couldn't connect to my session).
I haven't tried again, lack of time.
Personally, I'd recommend @danb DefenderUI or @Andy Ful ConfigureDefender, which are much more user-friendly.